Crate scratchstack_aws_signature[][src]

The aws_sig_verify crate provides AWS SigV4 verification routines. This is not the library you want if you just want to call AWS services or other services that use AWS SigV4 signatures. Rusoto already has a library, rusoto_signature, that provides this functionality.

If you are attempting to perform AWS SigV4 verification using AWS-vended credentials, this library also will not work for you. You need the caller’s secret key (or a derivative), and AWS does not allow this for obvious reasons. Instead, you should be using API Gateway with IAM authentication.

On the other hand, if you have your own ecosystem of AWS-like credentials and are developing mock-AWS services or just really like AWS SigV4 but can’t run within AWS, this library might be for you.

Structs

GetSigningKeyFn
GetSigningKeyRequest
Request

A data structure containing the elements of the request (some client-supplied, some service-supplied) involved in the SigV4 verification process.

SigningKey

A signing key of some type.

Enums

SignatureError

Error returned when an attempt at validating an AWS SigV4 signature fails.

SigningKeyKind

The types of signing key available.

Traits

GetSigningKey

A trait bound that describes how we obtain a signing key of a given type given a request. If you need to encapsulate additional data (e.g. a database connection) to look up a key, use this to implement a struct.

Functions

canonicalize_uri_path

Normalizes the specified URI path, removing redundant slashes and relative path components.

get_signing_key_fn

Wrap an async function taking a signing request and returns a result into a GetSigningKey trait implementation.

normalize_query_parameters

Normalize the query parameters by normalizing the keys and values of each parameter and return a HashMap mapping each key to a vector of values (since it is valid for a query parameters to appear multiple times).

normalize_uri_path_component

Normalize the path component according to RFC 3986. This performs the following operations:

sigv4_get_expected_signature

Return the expected signature for a request.

sigv4_verify

Verify a SigV4 request. This verifies that the request timestamp is not beyond the allowed timestamp mismatch against the current time, and that the request signature matches our expected signature.

sigv4_verify_at

Verify a SigV4 request at a particular point-in-time. This verifies that the request timestamp is not beyond the allowed timestamp mismatch against the specified point-in-time, and that the request signature matches our expected signature.